Verizon Incident Metrics Framework Released

[security curmudgeon <jericho () attrition org>]

http://securityblog.verizonbusiness.com/2010/02/19/veris-framework-2/

Verizon Incident Metrics Framework Released
Wade Baker
February 19th, 2010

Many of you who reading our blog regularly are familiar with our .Data 
Breach Investigations Report..  We hope that you.ve found past reports 
informative, useful, and above all, actionable.

The production of the DBIR has been driven by our desire to help solve 
what we see as two of the most significant problems facing our industry:

    1. Uncertainty due to the lack of data
    2. Equivocality due to the lack of a common framework

Basically, we believe that until we can all be on the same page regarding 
what terms mean and why those terms are useful, we.re going to have a 
problem creating meaning from any data we *do* get.

One of the reasons we feel that the DBIR was so successful is because we 
are able to translate the incident narrative (the attacker did this, then 
that, then the other thing) into a data set.  To accomplish this 
translation task, we used a framework, a sort of taxonomy of incident 
elements we thought that, when gathered consistently, would help people 
better interpret data and manage risk.

Today we.re making a version of that framework, the Verizon Incident 
Sharing Framework (VerIS), available for you to use.

In the document that  you can download here, you.ll find the first release 
of the VerIS framework.  You can also find a shorter executive summary 
here.  Our goal for our customers, friends, and anyone responsible for 
incident response, is to be able to create data sets that can be used and 
compared because of their commonality.  Together, we can work to eliminate 
both equivocality and uncertainty, and help defend the organizations we 
serve.

We hope that you.ll use and even take an active interest in the VerIS 
Framework.  To that extent, we.ve set up an online forum for questions and 
answers, and have put in place an advisory board of independent security 
experts to work with the community for the better growth and evolution of 
the framework as it.s used outside of Verizon.

We truly believe that together, we can begin to make a real difference, 
and it is our hope that this .common language. will be the first step 
towards creating an era of shared knowledge and collaboration for our 
industry.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php